Decrypt files with Decrypt_mblblock.exe – Decrypt Protect

If your computer is locked by Decrypt Protect [MBL Advisory], and you are seeing a message like “You have lost control over your computer” or “You have 48 hours left to enter your payment” then your computer is infected with ransomware. With HitmanPro.Kickstart you can easily remove the ransomware but after removing you will see that all your files are encrypted.

After the encryption it will rename the files as a HTML file, with inside the original encrypted file. If you try to open any of these encrypted files, you will be redirect to the malcious web page, which is currently at xblblock.com, that will display the same screen of the “Decrypt Protect [MBL Advisory]” and will try to persuade you to pay the ransom in the form of a MoneyPak voucher.

The Decrypt Protect virus (ransomware) encrypts all files with a RC6 encryption and a simple XOR obfuscation. Fabian Wosar (Emsisoft) has developed a decrypter that you can use to decrypt the encrypted files.

Decrypt files with Decrypt_mblblock.exe – Decrypt Protect

If you only have a single hard disk with one partition, the only thing you need to start the tool.

Windows XP users can simply double click and run the tool, Windows Vista, 7 & 8 users need to run the tool with administrator rights.

Now it will automatically scan your complete hard disk for decrypt the files, when there are encryptes files present it will automatically decrypt those without deleting the encrypted originals.

After the decryption check all of the decrypted files if they open properly.

Once you verified the files were decrypted properly you can delete the encrypted HTML files.

If you have more than one hard disk or partitions with encrypted files, things a slightly more complicated. To scan and decrypt files on those other hard disks or partitions you will have to pass the additional drives as a command line parameter:

While holding down the Windows key now press the R key. The “Run Box” will now appear.

In the “Run box” Type in “cmd.exe” and press Enter.

The Windows Command Line prompt should show up.

You first need to switch into the directory where you downloaded the decryption tool to.

This can be done using the cd command: cd /d “<path>”

Just replace <path> with the path you downloaded the decryption tool to. If you downloaded it to C:\Users\Administrator\Downloads for example the exact command line to type in should look like this:

cd /d “C:\Users\Administrator\Downloads”

If you did everything right you will see that the command prompt changed slightly and now references the download directory.

Run the decryption tool with a list of all your drives you want the tool to scan. If you have a C:, D: and E: drive for example, run the tool like this:

decrypt_mblblock.exe C:\ D:\ E:\

Please be patient while the tool is running, and you may better not use the computer before the tool is ready.

Decrypt files with Decrypt_mblblock.exe – Decrypt Protect (video)

Decrypt Protect virus [Removal Guide]

The Decrypt Protect virus will completely lock you out of your computer, so whenever you’ll try to log on into your Windows operating system or Safe Mode with Networking, it will display instead a lock screen asking you to pay a non-existing fine of 300$ in the form of a Ukash, Paysafecard or MoneyPak code. Ignore any alert anddon’t pay with Ukash or PaySafeCard, because you will send your money directly to the cybercriminals. Use the instructions below to remove the Decrypt Protect virus completely from your computer.

Please download HitmanPro to your desktop.Press this link for the complete “User Manual” for HitmanPro.Kickstart.

Start the program by double clicking on HitmanPro.exe. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Click on the “HitmanPro.Kickstart” button to create a bootable USB-stick with HitmanPro.Kickstart (see the screenshot below).

Now insert the USB flash drive that you will use to write the HitmanPro.Kickstart files to.

As soon as one or more USB flash drives are detected, a selection screen will be presented.

Now select the USB flash drive on which you want to place the HitmanPro.Kickstart files and press the button Install Kickstart.

Important! Be aware that that all contents of the selected flash drive will be erased before the HitmanPro.Kickstart files are written.

If you press the ‘Yes’ button now, the selected USB flash drive will be formatted and all necessary HitmanPro.Kickstart files will be retrieved from the HitmanPro servers and written to the flash drive

Once the process is completed you can now remove the USB flash drive from the PC and use it to remove the malware from a ransomed PC.

Now insert the HitmanPro.Kickstart USB flash drive into a USB port of the ransomed PC and start the PC.

During the startup of the PC, enter the (BBS) Bios Boot Selector menu with F10 or F11 and select the USB flash drive that contains HitmanPro.Kickstart to boot from.

If it’s not possible to enter the BBS go into the BIOS and set the USB option as your first boot-device by the boot-sequence.

The default way to boot is option 1, which skips the master boot record of your hard drive. If you do not press any key, the process will continue after 10 seconds using the default boot selection.

If you see a logon screen you can either select a user and logon, or if you wait approximately 15 seconds, HitmanPro will be started on your Windows logon screen.

Click on the next button. You must agree with the terms of EULA.

Check the box beside “No, I only want to perform a one-time scan to check this computer“.

Click on the next button.

The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

Click on the next button and choose the option activate free license

Click on the next button and the infections where found will be deleted.

Click now on the Save Log option and save this log to your desktop.

Click on the next button and restart the computer.

Run a scan with Emsisoft Anti-Malware

After the removal process with HitmanPro.Kickstart, and using decrypt_mblblock.exe perform a deep scan with Emsisoft Anti-Malware.

If the setup program displays an alert about safe mode if you try to install Emsisoft Anti-Malware in safe mode, please click on the Yes button to continue.

You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.

In the next screen accept the License Agreement by checking the option “I accept the agreement” and click on the install button.

After the necessary files are copied, you will get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.

If you want to use the freeware mode whitout protection choose this option, we recommend to use the 30 days free trial (within this option you can get the full version of Emsisoft Anti-Malware for free, click here for more information about the Emsisoft Referral Rewards Program.

You will now be at a screen asking if you wish to join Emsisoft’s Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.

Next Emsisoft Anti-Malware will begin to update it’s virus defenitions.

When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.

Please select the Deep Scan option and then click on the Scan button. The Deep Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned.

Emsisoft Anti-Malware will now start to scan your computer for rootkits and malware.

Please be patient while Emsisoft Anti-Malware scans your computer.

When the scan has finished, the program will display the scan results that shows what infections where found.

Now click on the Quarantine Selected Objects button, which will remove the infections and place them in the program’s quarantine.

If you see a messag like “Not all Malware objects have been quarantined, Do you want to place them in quarantine now?” click on “Yes“

You will now be at the last screen of the Emsisoft Anti-Malware setup program, click on the button Close setup wizzard.

If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.

Information

Some of the programs that we used in our malware removal guides would be a good idea to keep and used often in helping to keep the computer clean. Malwarebytes Anti-Malware is one of the most powerful anti-malware tools. It is totally free but for real-time protection you will have to pay a small one-time fee. The license of Malwarebytes Anti-Malware is life-time so you have to buy it once, and because Malwarebytes Anti-Malware is a great addition to your regular virusscanner of security programs.

Choose a good internet security suite, Bitdefender’s Internet security 2013 is an excellent, user-friendly security suite, and with the autopilot technology there are no popups, no alerts or other messages because in this mode it will resolve almost every security issue on its own without the intervention of the user.

Bitdefender 2013 has been officially named “Product Of The Year”, “Best Antivirus For 2013″ and “Best Repair of 2012″ by the famous PC MAG magazine, and by two major reviewing institutions to date, AV-Test and AV-Comparatives. These achievements crown a year of accolades and awards, including distinctions from CNET, Laptop, Magazine, PC PRO, Expert Reviews, WebUser, PC Achat and Micro Hebdo.